Security Audits That Don’t Guess.
Three-pass adversarial verification for OpenClaw agents and apps built fast with AI tools. Near-zero false positives. Delivered in 48 hours.
Brand promise: Every Critical and High finding in your report has survived a structured three-pass challenge by independent model instances. If we can’t prove it, we don’t ship it.
Current Status
When you pay, your job enters the queue and we process it within your tier’s delivery window. You’ll receive a confirmation email with your estimated delivery time.
Queue position is first-come, first-served within each tier.
Who We Audit
Each surface has a distinct attack model. We’ve built specialized skill sets for both. Purpose-built audits, not generic scans.
OpenClaw Agents
Your agent is running autonomously — with tool access, persistent memory, and live infrastructure. That’s a new attack surface most auditors have never encountered. We audit the specific threat model that comes with agentic AI systems.
- Lethal Trifecta workflow mapping (Memory + Skills + Soul)
- SOUL.md jailbreak & prompt injection testing
- SKILLS.md supply chain scanning for malicious logic
- MEMORY.md secrets & PII exfiltration audit
- Capability privilege escalation review
- Webhook HMAC signature & channel security
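What a webhook HMAC signature check has to get right, as an added example that is not Pilum's code: a GitHub-style X-Hub-Signature-256 header is recomputed over the raw request body and compared in constant time. The shared secret and JSON payload are constructed; demo() exercises the cases a receiver must reject (missing header, legacy sha1 scheme, tampered body, wrong secret).

```python
"""Verify a GitHub-style webhook signature (X-Hub-Signature-256).

Added example; not Pilum's code. The secret and payload are constructed
for illustration only.
"""
import hashlib
import hmac
from typing import Dict, Optional

WEBHOOK_SECRET = b"example-shared-secret-rotate-me"  # constructed, not a real secret


def sign_payload(secret: bytes, body: bytes) -> str:
    """Header value GitHub sends: 'sha256=' + hex HMAC-SHA256 over the raw body bytes."""
    digest = hmac.new(secret, body, hashlib.sha256).hexdigest()
    return f"sha256={digest}"


def verify_signature(secret: bytes, body: bytes, header_value: Optional[str]) -> bool:
    """Accept only a valid HMAC-SHA256 over the exact bytes received.

    - Verify the raw body, never a re-serialised JSON object: whitespace or key
      order changes would break the MAC.
    - A missing header is a hard failure; never fall back to 'unsigned is fine'.
    - Only the sha256 scheme is accepted; the legacy sha1 header is rejected.
    - compare_digest is constant-time, so the check does not leak how many
      leading bytes of the MAC were right.
    """
    if not header_value or not header_value.startswith("sha256="):
        return False
    expected = sign_payload(secret, body)
    return hmac.compare_digest(expected, header_value)


def demo() -> Dict[str, bool]:
    body = b'{"ref":"refs/heads/main","repository":{"full_name":"acme/app"}}'  # constructed
    good = sign_payload(WEBHOOK_SECRET, body)
    return {
        "valid": verify_signature(WEBHOOK_SECRET, body, good),
        # Payload altered in transit: the MAC no longer matches.
        "tampered_body": verify_signature(WEBHOOK_SECRET, body.replace(b"main", b"prod"), good),
        # No header at all: reject, do not treat as anonymous-but-fine.
        "missing_header": verify_signature(WEBHOOK_SECRET, body, None),
        # Deprecated sha1 scheme with the right digest bytes: still reject.
        "sha1_header": verify_signature(WEBHOOK_SECRET, body, "sha1=" + good[len("sha256="):]),
        # Sender configured with a different secret: reject.
        "wrong_secret": verify_signature(b"other-secret", body, good),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name:15} -> {'accept' if ok else 'reject'}")
```

A receiver that skips the prefix check, or compares with `==`, or verifies a re-encoded copy of the body, fails one of the cases above.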
Vibe-Coded Apps
You built something real with Cursor, Claude Code, Bolt, or Lovable. Fast and functional. Now it needs to survive production. We audit the security patterns LLMs consistently get wrong — because we’ve seen them fail across hundreds of apps built exactly the way yours was.
- Auth flow & JWT vulnerability audit
- API key & secrets exposure scan (including public JS bundles)
- Supabase / Firebase RLS & rules deep analysis
- Tool-specific pattern detection (Cursor, Bolt, Lovable, Claude Code)
- Dependency CVE triage with prioritized fix order
- Pre-Launch Certificate after clean audit
The 3-Pass Adversarial Pipeline
The entire brand runs on audit accuracy. Every finding that reaches your report has survived a structured three-pass challenge. Independent model instances. Zero shared context. No author bias. You get what we can prove — nothing more.
Pass 1 (generate): All 22 security skills run in parallel and write a raw findings JSON. The model is deliberately broad at this stage; the 3-pass system exists precisely to filter it.
Pass 2 (challenge): Receives only the findings array. For every Critical and High it demands specific proof, re-checks the CVSS 3.1 scoring, and tests against known tool-specific false positive patterns. A separate context window means no author bias.
Pass 3 (arbitrate): Sees Pass 1 and Pass 2 together and issues the final status: CONFIRMED, POTENTIAL (flagged for operator human review), or REMOVED. The operator reviews every POTENTIAL item before the PDF is generated and sent.
Security At Every Stage.
Every tier uses the same 3-pass adversarial pipeline. The difference is scope, depth, and testing surface. All prices in USD.
Security Snapshot
Zero active API calls. We analyze your public surface, headers, JS bundles, and infrastructure signals. Perfect for a quick check after shipping.
- 22 security dimensions analyzed
- HTTP headers, JS secrets, dependency CVEs
- Infrastructure and Supabase/Firebase review
- AI tool detection (Cursor, Lovable, Bolt, v0)
- 3-pass adversarial verification
- Branded PDF report in 24-48 hours
- Copy-paste remediation steps
You provide: App URL only.
Deep Audit
Full active testing with signed authorization. Our deepest single engagement for apps handling real user data. Earns a Pilum Certificate of Compliance.
- Everything in Snapshot, plus:
- Active Supabase/Firebase RLS testing
- Authentication flow testing
- API endpoint security testing
- Source code static analysis
- Social engineering surface scan
- 3-level remediation playbook per finding
- Pre-Launch Certificate eligibility
You provide: App URL + GitHub repo. Signed document required.
Guardian Quarterly
Full Deep Audit on signup, then monthly monitoring with quarterly re-audits. No monthly option — no loopholes.
- Full Deep Audit in week 1 (same as $1,499 Tier 2)
- Monthly Tier 1 passive re-scan + delta analysis
- Full Deep Audit re-run every quarter
- Monthly PDF trend report (new / resolved / unchanged)
- Immediate Critical/High alerts within 1 hour
- Priority 4-hour response time
- GitHub webhook integration (HMAC verified)
- Overage pricing: $15 per extra production trigger, $49 per extra on-demand scan
You provide: App URL + GitHub repo. Authorization: a single signed document covers the full subscription.
Guardian Annual
Everything in Guardian Quarterly, billed annually. 4 full Deep Audits per year + 12 monthly monitoring reports.
- 4x full Deep Audits (one per quarter — $5,996 value)
- 12x monthly monitoring reports
- $582/mo effective rate
- Save $1,398 vs. quarterly billing
- All Guardian Quarterly features included
You provide: App URL + GitHub repo. Authorization: a single signed document covers the full subscription.
Compare Features
| Feature | Snapshot | Deep Audit | Guardian Qtr | Guardian Ann |
|---|---|---|---|---|
| HTTP security headers | ✅ | ✅ | ✅ | ✅ |
| JS bundle analysis | ✅ | ✅ | ✅ | ✅ |
| Dependency CVE scan | ✅ | ✅ | ✅ | ✅ |
| Infrastructure recon | ✅ | ✅ | ✅ | ✅ |
| Builder tool detection | ✅ | ✅ | ✅ | ✅ |
| Supabase passive scan | ✅ | ✅ | ✅ | ✅ |
| Supabase active test | ❌ | ✅ | ✅ | ✅ |
| Auth flow testing | ❌ | ✅ | ✅ | ✅ |
| API endpoint testing | ❌ | ✅ | ✅ | ✅ |
| Source code review | ❌ | ✅ | ✅ | ✅ |
| OSINT / social eng. | ❌ | ✅ | ✅ | ✅ |
| 3-pass verification | ✅ | ✅ | ✅ | ✅ |
| Remediation playbook | Basic | Detailed | Detailed | Detailed |
| Monthly monitoring | ❌ | ❌ | ✅ | ✅ |
| Quarterly full re-audit | ❌ | ❌ | ✅ | ✅ |
| Critical/High alerts | ❌ | ❌ | ✅ | ✅ |
| Priority response | ❌ | ❌ | 4 hours | 4 hours |
| Report format | PDF | PDF | PDF (monthly) | PDF (monthly) |
| Turnaround | 24-48h | 3-5 days | Continuous | Continuous |
| Authorization | ToS checkout | Signed doc | Signed doc | Signed doc |
Not a Generic Scanner. A Precision Pipeline.
22 specialized security skills run through a 3-pass adversarial pipeline. Every finding is challenged by independent model instances before a certified security professional signs off on the final report. If we can’t prove it, we don’t ship it.
Operator reviews every POTENTIAL finding
Pass 3 flags uncertain findings for mandatory human review before the PDF ships. We never auto-deliver ambiguous findings.
Signed authorization before every Tier 2+
Active testing only begins after a signed authorization document is received and stored. This protects you and us both.
Errata process for every false positive
If we got something wrong, we issue a formal errata PDF, update the findings database, and tighten the detection system. Accountability over defensiveness.
Our pipeline was built by engineers with a decade of offensive security experience. Every detection pattern, every CVSS scoring rule, and every false positive filter reflects real-world field knowledge baked into the system.
Lead Security Auditor
10 years in ethical hacking & offensive security · Name withheld pending permission
- CSCU: Certified Secure Computer User
- CEH: Certified Ethical Hacking background
- 10 YRS: Field experience across web, API, infrastructure, and agents
- OWASP: Active application of the OWASP Web (2025), API (2023) & LLM (2025) standards
- AGENT: Specialist in OpenClaw / AI agent threat modelling
Built to Protect Both Sides.
Security auditing carries real-world stakes. Every engagement is structured to protect clients, protect ourselves, and make the terms of our work unambiguous before we start.
Signed Authorization
Active testing (Tier 2+) only begins after a signed authorization document is received, reviewed, and stored. The document defines exact scope, what is tested, what is excluded, and the legal basis for testing. Stored for 3 years minimum.
Scope disputes have a formal resolution process. Every engagement has a paper trail.
Data Retention Policy
Tier 1 scan data is deleted 90 days after delivery. Tier 2 data is retained 365 days. Guardian data is held for the subscription duration plus 90 days. Authorization documents are kept for 3 years. Early deletion available on request.
Early deletion: security@pilum.io — processed within 72 hours.
Responsible Disclosure
All findings are confidential and delivered only to the contact email on file. We operate under a published responsible disclosure policy. No findings are shared externally without written client permission. Third-party vulnerabilities are noted informational only — we never test assets outside agreed scope.
Full policy available at pilum.io/legal/disclosure
What We Test.
Full OWASP Web 2025, API 2023, and LLM 2025 coverage — plus agent-native threat vectors that no legacy scanner addresses.
| Threat Vector | Severity | Tier 1 | Tier 2 | Competitors |
|---|---|---|---|---|
| Lethal Trifecta (Memory + Skills + Soul) | CRITICAL | — | ✦ | ✕ |
| SOUL.md Jailbreak & Prompt Injection | CRITICAL | — | ✦ | Partial |
| SKILLS.md Supply Chain Attack | CRITICAL | — | ✦ | ✕ |
| MEMORY.md Secrets & PII Exfiltration | HIGH | — | ✦ | ✕ |
| AI-Generated Auth Flaws (LLM patterns) | CRITICAL | Passive | ✦ | Partial |
| Supabase Service Role Key in JS Bundle | CRITICAL | ✦ | ✦ | Partial |
| Supabase RLS Gaps & Privilege Escalation | HIGH | — | ✦ | Partial |
| Firebase Rules Misconfiguration | HIGH | Passive | ✦ | Partial |
| Dependency CVEs & Typosquatting | HIGH | ✦ | ✦ | Partial |
| Business Logic Vulnerabilities | HIGH | — | ✦ | ✕ |
| OWASP LLM01–LLM10 (2025, if AI features detected) | HIGH | — | ✦ | ✕ |
| OWASP Web A01–A10 (2025) | VARIES | Partial | ✦ | Partial |
| HTTP Security Headers | MEDIUM | ✦ | ✦ | Partial |
| GraphQL Introspection & Depth Limits | MEDIUM | — | ✦ | ✕ |
| Git History Secrets Scan | HIGH | — | ✦ | Partial |
✦ Full coverage · Passive = no active probing · Partial = surface-level only · ✕ Not covered · — Not in scope for this tier
From Payment to PDF in 48H.
No onboarding calls. No questionnaires. No back-and-forth. Pay, share the URL, receive a report you can act on immediately.
Pay & Submit
Pay via our checkout page. Share your URL. Tier 1 needs only the ToS checkbox. Tier 2 requires a signed authorization document before we start active testing.
22 Skills Run
All 22 security skills execute in parallel where safe, sequentially where order matters. Each writes to an isolated findings file. Strict SSRF protection and rate limiting throughout — we never hammer your infrastructure.
3-Pass Verification
Pass 1 generates. Pass 2 challenges every Critical and High. Pass 3 issues final verdicts. Potential findings are flagged for operator human review before PDF generation.
PDF to Your Inbox
You receive a branded Pilum report: Executive Summary, Risk Score (0–100), findings by severity, 3-level remediation playbook, and — if clean — your Pre-Launch Certificate.
Your Autonomous Agent Has a New Attack Surface
Your agent ships with tool access, persistent memory, and live infrastructure. That’s a new attack surface most auditors haven’t encountered. We audit the specific threat model that comes with agentic AI systems — and we know how the apps you build with Cursor, Bolt, Lovable, and Claude Code can fail in production.
```text
$ pilum audit ./agent-build
[pass 1/3] comprehensive analysis ........ done
[pass 2/3] adversarial challenge ......... done
[pass 3/3] final arbitration ............. done

verified findings
─────────────────
✗ F-OC-007  HIGH  SKILLS.md:42  unscoped fs.write capability
                                agent can write any path, not just workdir
✗ F-OC-014  MED   MEMORY.md:18  PII persistence — phone pattern retained across session boundary
✓ 2 confirmed · 1 dismissed (false positive)
report: pilum-snapshot-2026-05-13.pdf
```
Pilum’s 3-pass pipeline runs against your agent’s SKILLS.md, MEMORY.md, and SOUL.md — and the live application that ties them together.
Find Us on ClawHub.
Install the Pilum skill inside your OpenClaw environment. Run /pilum-preview on any URL to get a free passive security preview — powered by the same skill stack that runs full Tier 1 audits.
Pilum Security Preview
VERIFIED · Run a passive security preview on any URL. Returns the top 5 findings with severity indicators. Full audit available via Tier 1.
- /pilum-preview [url]: Free passive preview
- /pilum-audit [url]: Initiates Tier 1 checkout
- /pilum-status [job-id]: Check audit queue position
Why install the Pilum skill:
- Passive security check on every new app you build
- Automatic flag if service_role keys detected in JS bundles
- Direct Tier 1 checkout from within your agent environment
- No context switching — security stays inside your workflow
ClawHub listing pending review. Available at launch.
FAQ
If something isn’t answered here, email security@pilum.io
Your code is handled under our full data retention policy. Tier 2 repos are cloned to an isolated temporary directory during scanning and destroyed immediately after the PDF is generated. We never store, share, or retain your source code beyond the scan session. Scan metadata (finding types, severity counts, timestamps) is retained per our data retention policy (365 days for Tier 2, 90 days for Tier 1) to improve detection accuracy over time. You can request full deletion at any time: security@pilum.io.
No. Tier 1 is passive-only. We make standard HTTP GET requests to publicly accessible URLs, fetch publicly served JavaScript bundles, read HTTP response headers, perform DNS lookups, and check certificate transparency logs. We make zero POST requests, zero authentication attempts, zero form submissions, and zero API calls with parameters. Your server logs will show requests from our scanner User-Agent (PilumIO-SecurityAudit/1.0). We rate-limit ourselves to a maximum of 2 requests per second, which stays well below the thresholds that typically trip a WAF.
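What "read HTTP response headers" can yield from a single passive GET, as an added example that is not Pilum's skill code: header names and CSP directive parsing follow the relevant standards, but the HSTS max-age floor and the severity labels are this example's own choices, and both header sets are constructed rather than captured from a real site.

```python
"""Grade the security headers of one HTTP response.

Added example, not Pilum's skill code. The thresholds (HSTS max-age floor,
which CSP patterns count as weak) are this example's choices. The two header
sets at the bottom are constructed, not captured from a real deployment.
"""
import re
from typing import Dict, List, Optional

HSTS_MIN_AGE = 15_552_000  # 180 days: this example's floor; preload lists require more


def _csp_directive(csp: str, name: str) -> Optional[List[str]]:
    """Return the source list of one CSP directive, or None if the directive is absent."""
    for part in csp.split(";"):
        tokens = part.strip().split()
        if tokens and tokens[0].lower() == name:
            return tokens[1:]
    return None


def check_security_headers(headers: Dict[str, str]) -> List[Dict[str, str]]:
    """Passive check: needs only the response headers of a single GET."""
    h = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    findings: List[Dict[str, str]] = []

    def add(severity: str, header: str, detail: str) -> None:
        findings.append({"severity": severity, "header": header, "detail": detail})

    hsts = h.get("strict-transport-security")
    if hsts is None:
        add("MEDIUM", "Strict-Transport-Security", "missing; first visit can be downgraded to HTTP")
    else:
        m = re.search(r"max-age=(\d+)", hsts)
        if not m or int(m.group(1)) < HSTS_MIN_AGE:
            add("LOW", "Strict-Transport-Security", f"max-age below {HSTS_MIN_AGE} seconds")

    csp = h.get("content-security-policy")
    if csp is None:
        add("MEDIUM", "Content-Security-Policy", "missing; nothing contains an XSS once one lands")
    else:
        scripts = _csp_directive(csp, "script-src")
        if scripts is None:  # script-src falls back to default-src
            scripts = _csp_directive(csp, "default-src") or []
        nonce_or_hash = any(t.startswith(("'nonce-", "'sha256-", "'sha384-", "'sha512-")) for t in scripts)
        # With a nonce or hash present, CSP3 browsers ignore 'unsafe-inline', so only the bare case is weak.
        if "'unsafe-inline'" in scripts and not nonce_or_hash:
            add("MEDIUM", "Content-Security-Policy", "script-src allows 'unsafe-inline' with no nonce or hash")

    if "x-frame-options" not in h and (csp is None or _csp_directive(csp, "frame-ancestors") is None):
        add("LOW", "X-Frame-Options", "no X-Frame-Options and no CSP frame-ancestors; clickjacking possible")

    if h.get("x-content-type-options", "").strip().lower() != "nosniff":
        add("LOW", "X-Content-Type-Options", "missing 'nosniff'; MIME sniffing enabled")

    if "referrer-policy" not in h:
        add("INFO", "Referrer-Policy", "missing; full URLs may leak to third parties")

    for banner in ("server", "x-powered-by"):
        if banner in h:
            add("INFO", banner.title(), f"technology disclosure: {h[banner]}")

    return findings


# Constructed sample: a typical unhardened deployment.
WEAK_HEADERS = {
    "Server": "nginx/1.18.0",
    "X-Powered-By": "Express",
    "Content-Type": "text/html; charset=utf-8",
    "Strict-Transport-Security": "max-age=3600",
    "Content-Security-Policy": "default-src 'self'; script-src 'self' 'unsafe-inline'",
}

# Constructed sample: the same app after remediation.
HARDENED_HEADERS = {
    "Content-Type": "text/html; charset=utf-8",
    "Strict-Transport-Security": "max-age=63072000; includeSubDomains; preload",
    "Content-Security-Policy": "default-src 'self'; script-src 'self' 'nonce-r4nd0m'; frame-ancestors 'none'",
    "X-Content-Type-Options": "nosniff",
    "Referrer-Policy": "strict-origin-when-cross-origin",
}

if __name__ == "__main__":
    for label, hdrs in (("weak", WEAK_HEADERS), ("hardened", HARDENED_HEADERS)):
        found = check_security_headers(hdrs)
        print(f"== {label}: {len(found)} finding(s)")
        for f in found:
            print(f"  {f['severity']:6} {f['header']}: {f['detail']}")
```

Run it and the weak set produces seven findings while the hardened set produces none; the interesting detail is the CSP rule, which does not flag 'unsafe-inline' when a nonce or hash is also present, because browsers then ignore it.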
Every Critical and High finding goes through a structured 3-pass challenge before it reaches your report. Pass 1 generates raw findings broadly. Pass 2 (fresh context) challenges each Critical/High and demands specific proof — it has never seen the codebase and brings no author bias. Pass 3 (separate instance) makes the final call: CONFIRMED, POTENTIAL, or REMOVED. POTENTIAL findings are flagged for human operator review before the PDF is generated. Only CONFIRMED findings ship in your report. Our target false positive rate on confirmed findings is under 5%.
No. For Tier 1: we only access publicly available information — no credentials required. For Tier 2: we test against your staging environment or use read-only test credentials you provide. We never require production database write access. If you’re running an OpenClaw agent, we audit the agent configuration and skill files — not live memory or production data stores.
The Pilum report contains: an Executive Summary in plain English (one page, suitable for sharing with non-technical stakeholders), a Risk Score from 0–100 based on CVSS 3.1, confirmed findings organized by severity with full evidence and OWASP mapping, a 3-level remediation playbook per finding (DIY copy-paste, free tool, or hire someone with exact brief), a scan limitations section disclosing anything we couldn’t test, and a scope notice. Tier 1 includes an IDS notice explaining what requests we made. A Pre-Launch Certificate page is included if zero Critical or High findings are confirmed.
When you pay, your job enters the operator queue. You receive a confirmation email with your queue position and estimated delivery time. The operator processes jobs in order within each tier's delivery window: Tier 1 within 48h, Tier 2 within 3–5 days. During our portfolio phase we are running with spare capacity to build our case study library, so you will usually see faster delivery. If we're away when you order, the queue holds your position: nothing is lost, and delivery timing starts from confirmation, not from when we first see the order.
The Deep Audit is a one-time comprehensive scan. Guardian starts with the same Deep Audit, then adds continuous monitoring — monthly passive re-scans, delta analysis on code changes, and a full Deep Audit re-run every quarter. Think of it as: Deep Audit tells you what's wrong today. Guardian makes sure nothing new goes wrong tomorrow.
Yes. If you purchased a Deep Audit within the last 30 days, we'll credit the $1,499 toward your first Guardian quarter. Contact security@pilum.io to arrange this.
Guardian includes a full Deep Audit in your first week — the same $1,499 service we offer as a standalone product. Quarterly billing ensures we can deliver that level of depth sustainably while keeping your price well below what the individual services would cost separately.
Yes. Your current billing period (quarter or year) completes, then monitoring stops. No refunds for partial periods. You keep all reports generated during your subscription.
We have specialized detection patterns for Cursor, Bolt, Lovable, v0, Claude Code, OpenAI Codex, and Google Antigravity / Firebase-first stacks. Each tool has characteristic vulnerability patterns — for example, Bolt apps frequently expose Supabase service_role keys in frontend bundles, while Cursor apps tend to have inconsistent API route authentication. We fingerprint the builder tool in Pass 1 and activate the relevant specialized checklist automatically.
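How the service_role pattern above can be detected in a bundle, as an added example rather than Pilum's own detection code: legacy Supabase API keys are JWTs whose payload names the issuer and the role, so decoding the payload (without trusting the signature) tells anon from service_role. The sb_secret_ prefix for the newer key format is an assumption here, and the bundle and tokens are constructed with a junk signature.

```python
"""Flag Supabase API keys embedded in a front-end JavaScript bundle.

Added example, not Pilum's scanner. Legacy Supabase keys are HS256 JWTs whose
payload carries {"iss": "supabase", "ref": <project>, "role": "anon" | "service_role"}.
The anon key is meant to be public; the service_role key bypasses Row Level
Security and must never be shipped to a browser. The newer prefixed key format
(assumed here to start with sb_secret_) is matched by prefix only. The sample
bundle and tokens are constructed and carry an unverifiable signature.
"""
import base64
import json
import re
from typing import Dict, List

# Three base64url segments joined by dots. The minimum segment length keeps
# ordinary JS member chains such as window.app.config from matching.
JWT_RE = re.compile(r"\b[A-Za-z0-9_-]{16,}\.[A-Za-z0-9_-]{16,}\.[A-Za-z0-9_-]{16,}\b")
SB_SECRET_RE = re.compile(r"\bsb_secret_[A-Za-z0-9_-]{8,}\b")  # assumed prefix format


def _b64url_decode(segment: str) -> bytes:
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def _jwt_claims(token: str) -> Dict:
    """Decode the payload without verifying the signature: we classify the key, we never trust it."""
    try:
        claims = json.loads(_b64url_decode(token.split(".")[1]))
    except (ValueError, IndexError):  # not base64url/JSON, or not a JWT at all
        return {}
    return claims if isinstance(claims, dict) else {}


def find_supabase_keys(js_text: str) -> List[Dict]:
    """Return one finding per Supabase key found, in order of appearance in the bundle."""
    findings: List[Dict] = []
    for m in JWT_RE.finditer(js_text):
        claims = _jwt_claims(m.group(0))
        if claims.get("iss") != "supabase":
            continue  # some other JWT or random base64; out of scope for this check
        role = claims.get("role")
        findings.append({
            "kind": "supabase-jwt",
            "role": role,
            "project_ref": claims.get("ref"),
            "offset": m.start(),
            # anon is designed to be public; service_role in a bundle is a full-database leak
            "severity": "CRITICAL" if role == "service_role" else "INFO",
        })
    for m in SB_SECRET_RE.finditer(js_text):
        findings.append({"kind": "supabase-secret-key", "role": "secret",
                         "project_ref": None, "offset": m.start(), "severity": "CRITICAL"})
    return sorted(findings, key=lambda f: f["offset"])


def _fake_jwt(claims: Dict) -> str:
    """JWT-shaped token with a junk signature; only for the constructed sample bundle."""
    def enc(obj: Dict) -> str:
        raw = json.dumps(obj, separators=(",", ":")).encode()
        return base64.urlsafe_b64encode(raw).decode().rstrip("=")
    return f"{enc({'alg': 'HS256', 'typ': 'JWT'})}.{enc(claims)}.{'x' * 43}"


SAMPLE_REF = "abcdefghijklmnopqrst"  # constructed 20-character project ref


def build_sample_bundle() -> str:
    """Constructed minified-looking bundle: one public anon key, then one leaked service_role key."""
    anon = _fake_jwt({"iss": "supabase", "ref": SAMPLE_REF, "role": "anon"})
    svc = _fake_jwt({"iss": "supabase", "ref": SAMPLE_REF, "role": "service_role"})
    return (
        f'const e=createClient("https://{SAMPLE_REF}.supabase.co","{anon}");'
        'window.app.config.debug=!1;'
        f'const a=createClient(e.supabaseUrl,"{svc}",{{auth:{{persistSession:!1}}}});'
    )


if __name__ == "__main__":
    for f in find_supabase_keys(build_sample_bundle()):
        print(f"{f['severity']:8} {f['kind']} role={f['role']} ref={f['project_ref']} @{f['offset']}")
```

The check never validates the signature, and it should not: the point is to classify what a key would grant if used, and a service_role token in a public bundle is already the finding whether or not the scanner can verify it.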
Yes. Email security@pilum.io with your URL and we’ll run a limited /sec-preview — up to 5 findings, severity indicators only, no remediation detail — at no charge. One free preview per domain per 24 hours. The full Tier 1 at $299 unlocks the complete report with all findings, CVSS scores, evidence, and 3-level remediation playbook.
After your PayPal payment completes, you'll receive an order confirmation email from PayPal at the email address on your PayPal account. Within 1 hour, we'll send you a welcome email from security@pilum.io with delivery details and a link to confirm your preferred password delivery channel (WhatsApp, SMS, or Signal). The password-protected PDF arrives within your tier's SLA window (Tier 1: 48 hours, Tier 2: 5 business days, Guardian: first scan within 1 week). The password itself comes via your chosen channel separately, never in the same email as the PDF — this is a security best practice we don't compromise on.
Audit reports contain detailed exploitation instructions for any vulnerabilities found. If your email is ever compromised or intercepted, an attacker could open the PDF and use that information against you. By delivering the password via a SEPARATE channel (WhatsApp, SMS, or Signal) to a phone number you verify with us, we ensure that compromising any single channel doesn't expose the report. This is the same principle banks use when they call you about suspicious transactions instead of just emailing — the channel separation is the security.
Welcome aboard. After your subscription payment, you'll receive a welcome email at the address on your PayPal account within 1 hour. The email contains a link to confirm your password delivery channel preference plus a timeline for your initial Deep Audit (typically begins within 2 business days, full report within 5 business days). After that, you receive monthly delta scans and quarterly full Deep Audit re-runs automatically. We send Critical and High findings via your chosen channel within 1 hour of discovery — fast notification matters for active threats. Questions: security@pilum.io, we respond within 24 hours.
Your Code Is Live.
Is It Safe?
A Pilum audit takes 48 hours. A breach takes considerably less.
Need ongoing protection? Plans from $1,999/quarter.
Questions? Email security@pilum.io — we respond within 24 hours.